What's to be done if you end up being a victim of a website hack or malware attack? How to resolve things when you're at the receiving end of a phishing scam or of any other kind of online fraudulent activity, or if you're receiving spam?
Begin by confirming the hack
If you suspect that your website has been hacked, the first thing that you need to do is confirm the hack. So, how do you check if your website has any infections?
Yes, you need to confirm your doubts and verify the status of the site. There are lots of strange behaviors that happen on our website that could lead us to the conclusion that it has been hacked. We need to re-examine things to ascertain if the website has actually been hacked or whether it has been spammed.
If you get to see spam containing ads for illegal services, pornography or any other inappropriate content appearing in the header or the footer of your website, it could be an indication that your site has been hacked. Sometimes hackers inject such ads into your page as dark text on a dark background and hence they would remain invisible to human eyes, but for search engines, these ads would definitely be visible. That could cause much harm to your website.
Another symptom of your website getting hacked is that any visitor trying to get to your site would be re-directed to some malicious or spammy website. Hackers may play it clever, by hiding the spammy content from you and making it visible to the website visitors only. This shows that you should be doubly careful about things pertaining to the security of your website.
You could check if your website is hacked by doing a search on Google. You can type in your website's name and check if there are pages or content that looks malicious or unfamiliar. If there are such pages or content, then in all probability your website is hacked.
Another important indicator is your hosting provider sending you reports about strange behavior of your website or that your website shows signs of spam-related activity. The hosting provider may inform you that they are getting spam emails with links to your website. Such things indicate that hackers have succeeded in infecting your website with malware. They are perhaps using your website to redirect people to their own website. This is done so that they can avoid spam filters as spam filters wouldn't catch it when it's your website getting through and not theirs. If it's their website, it would definitely get caught.
So, once the website hack is confirmed, you need not panic. There are solutions that are available just a click away...
Proactive Detection Method: Use a source code scanner, beat Google at detecting hacks
A source code scanner helps scan websites for hacks and detect them even before Google does it. It's to be understood that website hacks remain invisible from the surface perspective and hence a source code scanner can help scan all PHP and other source codes to look for any malware pattern. A source code scanner works by checking signatures and finding if any of the signatures found to match known malware signatures. Some advanced scanners also detect new malware, the signature of which hasn't yet been stored on the databases; this is done by matching your source code with a known good version of the same code and detecting malicious presence. Source code scanners would alert you if any infection is found. There are many scanners that would connect you to a team of experts in case any hack is detected. These experts would help you get rid of the infection in a very effective manner and won't take too much of time for that either.
Do proactive detection using remote scanners
Proactive detection of website hacks can also be done by using remote scanners that check the "rendered" version of your website. You could use such a remote scanner as an additional tool to detect the malware on your website.
So, once you're sure your website is infected, you can get any of these scanner software to help you resolve the issue as well...
Once you confirm the hack, get a backup done
Once you confirm that your website is hacked, get a backup done. You can use FTP to download a copy of your whole website. This needs to be done without informing the hosting provider that your website has been hacked. If you inform them in advance, there are chances that they would delete the entire website and you won't be able to get a backup.
Once you get the backup downloaded, call the experts and get the website cleaned. You also have the backup that would help you restore your website...
Julia Sowells is a security geek with almost 5+ years of experience, writes on various topics pertaining to network security.